34 matches found
CVE-2025-14270
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
CVE-2025-14270
CVE-2025-14270 (OneClick Chat to Order, WordPress) The WordPress plugin is vulnerable to an authorization bypass in versions
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated Editor+ Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions <= 1.0.9...
WordPress Plugin OneClick Chat to Order Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin OneClick Chat to Order,...
WordPress OneClick Chat to Order plugin <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md Shofiur Rahman - Pentest Testing Corp in WordPress Plugin OneClick Chat to Order versions <= 1.0.8...
CVE-2025-13526
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...
CVE-2025-13526
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...
CVE-2025-13526
The CVE concerns the WordPress plugin OneClick Chat to Order. All versions up to and including 1.0.8 are vulnerable to an Insecure Direct Object Reference via the function wa_order_thank_you_override due to missing validation on a user-controlled key. This allows unauthenticated attackers to vie...
CVE-2025-13526 OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...
WordPress plugin OneClick Chat to Order Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin OneClick Chat to Order,...
EUVD-2023-51657
Malicious code in bioql PyPI...
EUVD-2022-52058
Malicious code in bioql PyPI...
EUVD-2024-26784
Malicious code in bioql PyPI...
CVE-2024-29789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5...
CVE-2023-47546
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Walter Pinem OneClick Chat to Order plugin = 1.0.4.2 versions...
CVE-2022-4760
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
OneClick Chat to Order < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2024-29789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5...